


Instructions: Scroll down to review and begin the challenges.
Category 5: Malware Analysis-Reverse Engineering
You can check your answers in the "Project 1: Individual CTF Answer
Checker" area in the Quizzes section of the course. There is no limit to
the number of times you can check to see if an answer is correct, and
the scores from the answer checker will not affect your course
grade.
Category 1: Encoding and Encryption
VU1HQy0xODMzNQ==


Answer format:
1.1.1.1
c7.c9.cc.22
Answer format:
1.1.1.1
BTNJ Jfily Alht
UFJVIFByZWd2c3Zwbmd2YmE=
1-10
Find the appropriate substitution cipher to decode the phrase below
and find the flag.
2-1
Identify the exact
2-3
Identify the exact
2-5
Identify the exact
2-7
Identify the exact
2-9
Identify the exact
Category 3: Forensics-Hard Disks
Download the file and find the flag.




3-5
Use the provided
to determine which version of AccessData FTK
Imager is installe
Use the
provided. There are five images that can be recovered on this
drive. What is the name of the first file with an extension?
3-10
Download the file and find the flag.
4-5
Use the
Use the
4-7
Use the
to determine what time the hacker logs in successfully.
Use the
to determine what user is trying to log in (full string).
Category 5: Malware Analysis-Reverse Engineering
Download the file and then find the flag.
Answer format: IP Address:Port
Answer format: IP Address:Port
Example: 1.1.1.1:1234
Answer format: IP Address:Port
Example: 1.1.1.1:1234
. . .
mov eax, 4
mov edx, 6
call @Function
. . .
6-1
In this
, what is the IP address of the SSH server?
In this
In this
6-4
In this
, find the admin's password.
In this
In this
this ac
6-7
In this
In this
, find the admin password.
6-9
In this
In this
7-1
What is the 10-digit phone number to reach the technical contact of
the University of Maryland College Park?
7-4
Find the MD5 hash (all CAPS) of the Win-Zip 6.3 (SR-1) file.
7-7
What was the Apache web server version for pgcps.org in 2011?
Answer format: #.#.##
Category 8: Password Hashing
Given the hash, find the password.
Category 9: Scanning Exploitation
Download the file and then determine the information required to find
the flag. Note that Questions 9-7 through 9-10 require the download of a
1.3 GB .ova file. The same file is used for all questions.


Examine the output of the
9-2
Examine the output of the
provided.
Examine the output of the
9-4
Examine the output of the
provided.
What is the IP address of thhat responds, but does not
have any ports open?
Examine the output of the
9-6
Examine the output of the
provided.
The VM is set to the host-only network set to 192.168.1.200. The root
password is not given, and the default password has been changed.
You will need to configure another VM like Kali on the host-only
network to scan it. There is a flag on the ftp server on this host:
192.168.1.200.
The VM is set to the host-only network set to 192.168.1.200. The root
password is not given, and the default password has been changed.
You will need to configure another VM like Kali on the host-only
network to scan it. Find the password for homer on the 192.168.1.200
host.
You will need to configure another VM like Kali on the host-only
network to scan it.
If you are able to break into the system, there is a file in the /
directory with the admin's password. What is the admin's password?
for this question.
The VM root password is not given, and the default password has been
changed.


On the VM provided, run the solitaire game.
That name is listed in the title bar. This will be the flag.
On the warning about running as root when you first log in, click
Continue.
On the VM provided, find the file on this system with this MD5 hash:
f41347263c84c7fbbe72e47fd100a183
This will be the flag.
On the warning about running as root when you first log in, click
Continue.
On the VM provided, find the last IP address to SSH to this machine.
This will be the flag.
On the warning about running as root when you first log in, click
Continue.
On the VM provided, find what time yoda's password was changed. This
will be the flag.
usernam
On the warning about running as root when you first log in, click
Continue.
located username is root and the password is umgc.
On the warning about running as root when you first log in, click
Continue.